I am running Arch in a data center and got a call about excessive bandwidth being consumed by my server today (actually over the last 3 weeks). I have done a bit of research to try and identify an application(s) which I can use to monitor what is actually going out over my NIC.
We serve large files to customers (about 5-10MB so maybe not that large) and from what I gather from my web logs we serve around 30GB a week. The ISP is seeing around 120GB/week. Obviously there is a large difference. I am looking for a tool that can monitor the bandwidth usage of my machine (much better than the Apache logs - which are only for http traffic anyway) so that I can measure/identify the total bandwidth usage.
We've also thought about whether we have been hacked and are pretty sure (nothing is 100%) that we have not been compromised. We run only http / ssh / smtp and nothing else for open ports. We downloaded chkrootkit and that came out ok. Sometime in the next weeks we will "rebuild" the server and install tripwire (although I didn't see an Arch package in the repos).
The ISP is running more in-depth traffic monitoring at the switch; I just wanted something that I could use to look at the traffic on my machine.
Before I dive into a specific application (I'm thinking of using ntop as a quick monitoring tool), I was wondering what other people thought about this and other tools.
Any advice or direction pointing would be much appreciated.
ntop (not sure if that is how it is spelled--basically it is network top)
I have used mrtg before, with snmp. Works fine.
rrdtool apparently can generate nicer graphs, and is more flexible.
"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍
I run vnstat on my router and have it update the figures every 5 minutes. I don't know if it's very accurate since I get 3 different numbers for my interfaces:
                 rx       /    tx       /   total    /  estimated
  eth0:
    yesterday    832.96 MB  /  2,325 MB   /  3,158 MB
    today        864.36 MB  /  1,363 MB   /  2,227 MB  /  2,928 MB
  eth1:
    yesterday    2,371 MB   /  862.99 MB  /  3,234 MB
    today        1,396 MB   /  885.23 MB  /  2,282 MB  /  2,998 MB
  ppp0:
    yesterday    3,011 MB   /  3,724 MB   /  6,735 MB
    today        1,311 MB   /  787.56 MB  /  2,099 MB  /  2,758 MB
Unfortunately (more like OMFG YES IT'S GOD'S GIFT!!!!) my ISP's traffic monitor is totally screwed up so I have no way of comparing these numbers.
I don't think it eats up a lot of resources tho, so you could run it together with other apps.
A bus station is where a bus stops.
A train station is where a train stops.
On my desk I have a workstation.
I also recommend vnstat
easy to use and since it runs in the background it really is no pain :twisted:
ArchLinux (x86_64) w/ kdemod
Thanks for the pointers. I used both vnstat and ntop and they were both very helpful.
Now that we have resolved the consumption issue, my next step is to find an application that can monitor the bandwidth usage and issue warning emails if we exceed user defined thresholds.
Any pointers on such a monitoring app?
Thanks in advance again,
Don't know if this is of use or whether it's overkill:
Yup - I've heard of it and am probably going to build it next week.
That is unless someone has a package build they would like to share.
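
The comparison described in the first post (bytes recorded in the web logs against what actually leaves the NIC), with a threshold check, as an added example that is not from any poster in this thread. It assumes the Linux /proc/net/dev counter layout and Apache common/combined log lines; the function names, sample data and threshold are constructed for illustration.

```python
import re

# Status and %b (response bytes, "-" when none) follow the quoted request line.
LOG_RE = re.compile(r'" (\d{3}) (\d+|-)(?: |$)')

def parse_proc_net_dev(text):
    """Return {iface: (rx_bytes, tx_bytes)} from the content of /proc/net/dev."""
    counters = {}
    for line in text.splitlines()[2:]:  # the first two lines are column headers
        name, _, rest = line.partition(":")
        fields = rest.split()
        if len(fields) >= 16:
            counters[name.strip()] = (int(fields[0]), int(fields[8]))
    return counters

def http_bytes_sent(log_lines):
    """Sum the bytes-sent field of Apache common/combined access log lines."""
    total = 0
    for line in log_lines:
        m = LOG_RE.search(line)
        if m and m.group(2) != "-":
            total += int(m.group(2))
    return total

def egress_report(before, after, iface, log_lines, max_unexplained):
    """Compare NIC transmit growth between two snapshots with logged HTTP bytes."""
    tx_before = parse_proc_net_dev(before)[iface][1]
    tx_after = parse_proc_net_dev(after)[iface][1]
    # A smaller later value means the counter was reset or wrapped; count from 0.
    tx_delta = tx_after - tx_before if tx_after >= tx_before else tx_after
    http = http_bytes_sent(log_lines)
    unexplained = tx_delta - http
    return {"tx": tx_delta, "http": http, "unexplained": unexplained,
            "alert": unexplained > max_unexplained}

# Constructed sample data, not taken from the thread.
HEADER = ("Inter-|   Receive                         |  Transmit\n"
          " face |bytes packets errs drop fifo frame compressed multicast|"
          "bytes packets errs drop fifo colls carrier compressed\n")
BEFORE = HEADER + "  eth0: 5000000 4000 0 0 0 0 0 0 20000000 15000 0 0 0 0 0 0\n"
AFTER = HEADER + "  eth0: 9000000 7000 0 0 0 0 0 0 60000000 45000 0 0 0 0 0 0\n"
LOG = [
    '203.0.113.5 - - [10/Mar/2008:10:00:00 +0000] "GET /files/a.zip HTTP/1.1" 200 5242880',
    '203.0.113.9 - - [10/Mar/2008:10:05:00 +0000] "GET /files/b.zip HTTP/1.1" 200 7340032 "-" "curl"',
    '203.0.113.5 - - [10/Mar/2008:10:09:00 +0000] "GET /files/a.zip HTTP/1.1" 304 -',
]

if __name__ == "__main__":
    print(egress_report(BEFORE, AFTER, "eth0", LOG, max_unexplained=10_000_000))
```

The logged byte count excludes response headers and TCP/IP overhead, so a small positive gap is expected; a gap several times the logged HTTP volume points at traffic the web logs never see (ssh, smtp, or something unintended).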